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(S//SI//REL) New query tool , VIVIDDREAM, tells whether a VPN S SERIES: 

session is likely exploitable — without revealing any close-hold (U) SIGDEV Collaboration 
information. 


1 . 

(S//SI//REL) Ever hear the phrase, "It's so secret that if I told you, 

I'd have to kill you"? This may be rather extreme, but when dealing 
with Virtual Private Networks* (VPNs) in the field, it captures some 
of the challenges of being away from NSA-W. Exploiting VPNs 2 . 

makes use of some of the newest state-of-the-art techniques and 
because of this, the exploitation details are held closely and 3 

generally not available to field sites. When VPNs were discovered 
at Yakima Research Station (YRS), a time-consuming manual 4 

process was required that involved analysts from both YRS and 
NSA-W's Cryptanalysis and Exploitation Services (CES) to 
determine the likely exploitability of a given network. This process 
generally involved forwarding data from field survey traffic and an 
analyst-to-analyst exchange of information. Frustration was often 
the result when it was found that the time and effort spent had 
been for a network that was not, in fact, likely exploitable. 

(S//SI//REL) Analysts at Yakima Research Station dreamed of a 
magic box that could accept information about a network and give 
a simple yes or no answer as to whether a VPN session might be 
exploited and to obtain that answer without revealing any sensitive 
information. Such a shortcut would assist with the network "triage" 
that frequently must take place in the field: A yes could tag a 
network for possible exploitation and a no could mark a network for 
further study. This magic box is precisely what YRS created in the 
form of the VIVIDDREAM query tool. 

(S//SI//REL) The VIVIDDREAM query tool automatically sends 
metadata about a collected VPN to VIVIDDREAM, a Cryptographic 
Exploitation Services database, and returns only a positive or 
negative response. Since a definitive answer based on the limited 
metadata is impossible, CES analysts have been striving to educate 
query tool users on the interpretation of often ambiguous 
responses. While the query tool offers an analyst performing VPN 
SIGDEV a glimpse into the possibilities of VPN exploitation, direct 
interaction with CES is still necessary to proceed with exploitation 
of a target's VPN communications. 

(S//SI//REL) The VIVIDDREAM query tool treads the delicate line 
between protecting VPN exploitation capabilities and enabling VPN 
SIGDEV to proceed. The developers took care to make the tool 
shareable across the SIGINT enterprise and to promote its use. It 
was featured at the VPN boot camp at NSA-Hawaii and briefed at 
the annual SIGDEV conference in June 2006. This marketing push 
has been effective and has resulted in over seventy downloads 
from the YRS software sharing site. With the use of the 
VIVIDDREAM query tool from both the field and NSA-W elements, 


F 6 , NSA Texas, and 

Yakima Research 
Station Collaborate 

on Venezuela Survey 

New Iranian NERA 

Satlink Identified 

Giving Answers, 
Keeping Secrets 
A Success Story, In 

Which the MSOC 
Takes On a Pakistani 

GSM Network 















significant time is saved and sensitive information is given the 
protection it requires. 

(U//FOUO) For more information about VIVIDDREAM and the YRS- 
developed query to ol, type :"_gg_yjy jd dream " in your intr anet 
browser or c ontact F921C or|| 


*(U) Note: For some background info on VPNs, see an earlier 
SIDtoday article, " Efforts Against Virtual Private Networks Bear 
Fruit. " 
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